Who decides how much security risk to take for a specific system?

Security & GRC

Chief Information Security Officer32%

Chief Information Officer33%

Chief Risk Officer15%

Chief Executive Officer7%

Board3%

System Owner5%

Others (Please specify)2%

lock icon

Please join or sign in to view more content.

1430 PARTICIPANTS
17k views4 Upvotes20 Comments
Sort By:
Oldest
Director Of Information Technology in Construction5 years ago
I believe this to be a combined effort between the system owner, CIO and Board/CEO. The system owner should always try to secure a system the best available tools, however, resources and budget might change the avaibility of this tools
4
CIO5 years ago
It is like asking how much insurance do you need. It really is a call by the CEO and/or the board. System owner/CIO/ciro can only recommend
4
CIO/Project Management Office in Software5 years ago
Depends on the risk. 
As with expenses, anyone beyond the CEO / Board has a level of risk they are willing to take on in their role. Once that level is defined, their job is to deliver the best approach. I personally try to insulate the company from any risk where I can either solve it through negotiation in the contract, or by providing an alternative up front. 
If I can’t see the way out clearly, I escalate and recommend.
4
CEO & Founder in Software5 years ago
It depends on the criticality of the system and the risk associated with it getting compromised. Generally, the mature organizations has some assessment matrix that helps quantify the risk and based on the severity it could be a simple decision by the CIO or a compound decision by CIO/CISO/and CEO. The end game is about risk mitigation and protecting company assets.
2
Consultant - Data Governance and IT Security Program Manager in Finance (non-banking)5 years ago
Corporate risk aptitude is set by board. CIO sets the guidelines for risk mitigations and CISO will oversee the solution implement to mitigate risk for individual systems.
3

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Applications & PlatformsCloudData & Analytics+15 more
Head of Enterprise Architecture MERCK Group in Healthcare and Biotecha year ago
Strategy & Architecture
Read More Comments
39k views5 Upvotes34 Comments

What is your primary deciding factor in adopting enterprise search?

Strategy & ArchitectureCloudEnd-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results
5.7k views3 Upvotes1 Comment

What cybersecurity topics do you think are critical for CIOs to be more involved in, even in orgs that have a CISO?

Relationship ManagementSecurity & GRCSecurity Strategy & Roadmap+1 more
Director of IT in Healthcare and Biotech9 days ago
Cybersecurity governance and risk management (setting up monitoring of emerging threats), data protection and privacy compliance (standardize on data protection across all channels), incident response and recovery planning ...read more
Read More Comments
1.3k views3 Comments

What tips or advice can you offer for improving collaboration between historically siloed security operations and IT teams? How can you begin building bridges between them to have better teamwork on things like vulnerability remediation?

People & LeadershipIT Strategy & RoadmapSecurity & GRC
CIO in Educationa month ago
I'm going to highly recommend Keith Ferrazzi's new book - Never Lead Alone - the book will explain how to shift from leadership to teamship. People need to be candid and accountable to and with each other as a start, and ...read more
1
Read More Comments
1.6k views1 Upvote3 Comments

Is flutter flow best for app builder software

Applications & PlatformsCloudContact Center & Telecom+15 more

Yes79%

No20%

1.2k views